From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 60D8B740032 for ; Thu, 22 Feb 2024 17:32:54 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=l1MbsUC8x4hwsaczIMsSz0Fqcn1cQSRKHM4ETSdeeww=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1708623173; v=1; b=au+wlYURIMvx0HnUZZIYkIDVWUAXa4LM1cu7DAomPVv/srhFQ4jflCc7Do+LiXxrdJGHJ3tD UruSMEubVzsBz2Tw79aX0HBXIrvPxKnqU9ywxIXXnx3obNe346L7Qdxwl+6btPiCJYfDlLUkkz4 U39Wxrk1ybL5sWbodsYyFxMw= X-Received: by 127.0.0.2 with SMTP id U7GrYY7687511xiswEcm5hAc; Thu, 22 Feb 2024 09:32:53 -0800 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.73]) by mx.groups.io with SMTP id smtpd.web10.19160.1708623172358077847 for ; Thu, 22 Feb 2024 09:32:52 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K+O6iH0yiXuZnILMQwujaWq1Od4OJQCzUG7X9/UGb/Fpt5UEzFSfLEZXn8zHX0BwRnxXpAdH2jfK1WjXrAaniCv79EVhmRjumCOx1WiZlgF6vkPZL5GHyTWZwn0MLi8whTzt/ZNjmE1wFnhFe1upOngAi1YMicPCniyHLakDSkLvSl+dsJAesMbYVgvRKj0WGGJNiM1mv0qiTJyCFk7B9fY33jUGtFV8/9wQjBHq9MkcXk1kIQqki25hqPOOAEi96NSoPh4TKdmwVcH7CuXvXMq0MwUvae+DFKbk8PRns1dUksHdyV4Esevf1B3HzND7xpGlScuc3c2Bn/UW2NLFWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3P02/3I4mn4use3+Wy/ha3/SiZUXsYYXMHHEpYVbogg=; b=bWkg04Sxw9HJ/JvfSLP6BHlIPVaCSI7C3bIlREJCzi22zZ14chH7c0dDn5sDEUpQjb4TooLiT5nUFbvLOYquJBM1mKBIAvc2A1xSgdA3HYGpNTf1DKWQwdTmfYbMhSGkaFUbZb573isiLX5aMTgAge/X+JpkWfv3Zt0cwCGcvYZyiPOCQrEWA1BMriHr+WePnz5YDRpklaDX5xwRNmg0Uxp1D0jWajUDZqYFDZxg50WrTMn0I6RzS4K7EMnYH9Xc+4dAx92RijkLL4VLYFQFuTT19sEHsuk2A8rxMAueqqQnjc8WFqkxHwgETWqNiiIoFyFVMJYSufwX7FECWoZetw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from BN9PR03CA0351.namprd03.prod.outlook.com (2603:10b6:408:f6::26) by MN0PR12MB6295.namprd12.prod.outlook.com (2603:10b6:208:3c0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.21; Thu, 22 Feb 2024 17:32:50 +0000 X-Received: from BN2PEPF000044AA.namprd04.prod.outlook.com (2603:10b6:408:f6:cafe::26) by BN9PR03CA0351.outlook.office365.com (2603:10b6:408:f6::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.43 via Frontend Transport; Thu, 22 Feb 2024 17:32:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000044AA.mail.protection.outlook.com (10.167.243.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Thu, 22 Feb 2024 17:32:49 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 22 Feb 2024 11:32:48 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support Date: Thu, 22 Feb 2024 11:30:01 -0600 Message-ID: <806aee9c79e2c996b19795d44859adbc10f94b43.1708623001.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000044AA:EE_|MN0PR12MB6295:EE_ X-MS-Office365-Filtering-Correlation-Id: 0373b801-dc02-492a-d511-08dc33cc4ab8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: IPJxKkjJZ6SlBqeAfBLIP20fadQ0edVpXcPIOthP4wIuxj4QdJWFeABtKbqvnZUbYYNOwaH+Do5wsvul3IhtR2uv7nkeg4m/vSmVDq9SJuDqmYUpOpaIpRZ2Ik0eXbJCLbnLABscTu+trwcpZKyweIcw0E1JsFyT8/Lt9NINV3O4EfgW7xN/pOu7rIGbjHabL2hRwcybXz7xGxLyjHkOqLiFl7HtyrujXyjvneOO5SIKRAIEYnG+xCxgl7umS5+0zIXxA8bwhPuNh3ENF00c3r7leRHtADlc4Bu8uMxXfKM/FC0KXd/NZcpdE6yiYzqhI3/pPSOUzM1lLNo7cFCwO+ADI7pknB39U9QEMOFXwRm5SI4ikPAORXcpFeDxSbdu5MlImr2+C3JXHzOMHjRdlQpVloT/5n9c/OxqENmUWdoqvE23kGNpLIYawNaMctenyp8J0DvsvrePTg4LMG1UFReY60qvfvzmZzvVg8an83K/RbI7PSjpOl4qGuGYf9y6Tqr5R57V7dfMByxlf01TeTWsMWpAKrVFwgYllx8IzEHEqk/3PlQDvKAE2tONxyG52o/lT8o9mmceCH7In/hMnsZC6aHW3ty/PCQvpxQ+pdhCW/mKpaqyCnr7zLN90ba5aOuatGUfOGmuF4Ir2Cf1OQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2024 17:32:49.8489 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0373b801-dc02-492a-d511-08dc33cc4ab8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000044AA.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6295 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: ZkirjfF3TZHY86BWg0xXCAWJx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=au+wlYUR; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register for the 0x8000001f CPUID function by setting bit 28 when an SVSM is present. For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC should be generated when accessing this MSR. The #VC handler is expected to ignore writes to this MSR and return the physical calling area address (CAA) on reads of this MSR. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +- OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +- OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++-- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitLib.inf b/OvmfPkg/Library/CcEx= itLib/CcExitLib.inf index bc75cd5f5a04..692143acd9ad 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitLib.inf +++ b/OvmfPkg/Library/CcExitLib/CcExitLib.inf @@ -1,7 +1,7 @@ ## @file # CcExitLib Library. # -# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. +# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights rese= rved.
# Copyright (C) 2020 - 2022, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -41,6 +41,7 @@ [LibraryClasses] DebugLib LocalApicLib MemEncryptSevLib + CcSvsmLib =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase diff --git a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf b/OvmfPkg/Library/C= cExitLib/SecCcExitLib.inf index 811269dd2c06..6778c1af6516 100644 --- a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf +++ b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf @@ -1,7 +1,7 @@ ## @file # VMGEXIT Support Library. # -# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. +# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights rese= rved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -41,6 +41,7 @@ [LibraryClasses] LocalApicLib MemEncryptSevLib PcdLib + CcSvsmLib =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/= CcExitLib/CcExitVcHandler.c index 0fc30f7bc4f6..edb4b57655d4 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c @@ -1,7 +1,7 @@ /** @file X64 #VC Exception Handler functon. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. + Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -713,10 +714,29 @@ MsrExit ( IN CC_INSTRUCTION_DATA *InstructionData ) { - UINT64 ExitInfo1, Status; + MSR_SVSM_CAA_REGISTER Msr; + UINT64 ExitInfo1; + UINT64 Status; =20 ExitInfo1 =3D 0; =20 + // + // The SVSM CAA MSR is a software implemented MSR and not supported + // by the hardware, handle it directly. + // + if (Regs->Rax =3D=3D MSR_SVSM_CAA) { + // Writes to the SVSM CAA MSR are ignored + if (*(InstructionData->OpCodes + 1) =3D=3D 0x30) { + return 0; + } + + Msr.Uint64 =3D CcSvsmSnpGetCaa (); + Regs->Rax =3D Msr.Bits.Lower32Bits; + Regs->Rdx =3D Msr.Bits.Upper32Bits; + + return 0; + } + switch (*(InstructionData->OpCodes + 1)) { case 0x30: // WRMSR ExitInfo1 =3D 1; @@ -1388,6 +1408,11 @@ GetCpuidFw ( *Ebx =3D (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF); /* node ID */ *Ecx =3D (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF); + } else if (EaxIn =3D=3D 0x8000001F) { + /* Set the SVSM feature bit if running under an SVSM */ + if (CcSvsmIsSvsmPresent ()) { + *Eax |=3D BIT28; + } } =20 Out: --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115857): https://edk2.groups.io/g/devel/message/115857 Mute This Topic: https://groups.io/mt/104512981/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-